[英]Create Superuser who can access more than one Schema in oracle 11G
I have two Schema Schema-1 and Schema-2.我有两个 Schema Schema-1 和 Schema-2。 I want to create one super User Who can access both Schema(Schema-1 and Schema-2).
我想创建一个可以同时访问 Schema(Schema-1 和 Schema-2)的超级用户。
I want to create a user with command in oracle 11g.我想在 oracle 11g 中使用命令创建一个用户。 It is possible?
有可能的?
Such an user already exists;这样的用户已经存在; it is called
SYS
, who owns the database.它称为
SYS
,拥有数据库。 Though, it is not a very good idea to use it for daily jobs - you'd rather (as you wanted) create your own "superuser" who is capable of doing such things.尽管如此,将它用于日常工作并不是一个好主意 - 您宁愿(如您所愿)创建自己的“超级用户”,他能够做这样的事情。 For example:
例如:
SQL> connect sys as sysdba
Enter password:
Connected.
SQL> create user superuser identified by superman;
User created.
SQL> grant dba to superuser;
Grant succeeded.
OK, let's try it:好,我们来试试:
SQL> connect superuser/superman
Connected.
SQL> select count(*) From scott.emp;
COUNT(*)
----------
14
SQL> select table_name from dba_tables where owner = 'MIKE';
TABLE_NAME
------------------------------
EMP
DEPT
BONUS
SALGRADE
DUMMY
ABC
6 rows selected.
SQL> select * from mike.abc;
KEY ID SEQ THINGS DESCR
---------- ---------- ---------- ---------- ----------
1 1 0 Food Chicken
2 1 1 Cars BMW
3 1 2 Sport Soccer
4 2 0 Food Mutton
5 2 1 Cars Ford
6 2 2 Sport Tennis
6 rows selected.
SQL>
Now, is DBA
right role for that user, I can't tell.现在,
DBA
是否适合该用户的角色,我不知道。 Maybe it is not, so perhaps you'd rather grant only required set of privileges.也许不是,所以也许您宁愿只授予所需的一组权限。 Which set is it, I can't tell either.
是哪一套,我也说不清楚。
Maybe it would be enough to grant eg select
privileges to superuser
for both schema1
and schema2
users' tables.也许为
schema1
和schema2
用户的表授予superuser
select
权限就足够了。 Though, you can't do that in a single command - you'd have to do it separately for each user and for each of their tables (which means a lot of grant select
statements).但是,您不能在单个命令中执行此操作 - 您必须为每个用户和他们的每个表单独执行此操作(这意味着很多
grant select
语句)。 Let's try it:让我们试试看:
SQL> connect sys as sysdba
Enter password:
Connected.
SQL> revoke dba from superuser;
Revoke succeeded.
SQL>
It is a boring job writing statement-by-statement, so I'll write code to write code for me:逐个语句写是一件很无聊的工作,所以我会写代码来为我写代码:
SQL> select 'grant select on ' || owner ||'.' ||table_name || ' to superuser;' str
2 from dba_tables
3 where owner in ('SCOTT', 'MIKE')
4 order by owner, table_name;
STR
--------------------------------------------------------------------------------
grant select on MIKE.ABC to superuser;
grant select on MIKE.BONUS to superuser;
grant select on MIKE.DEPT to superuser;
<snip>
grant select on SCOTT.TEST_B to superuser;
grant select on SCOTT.TEST_D to superuser;
26 rows selected.
SQL>
OK;好的; now copy/paste the above
grant
statements and run them.现在复制/粘贴上面的
grant
语句并运行它们。
SQL> grant select on MIKE.ABC to superuser;
Grant succeeded.
SQL> grant select on MIKE.BONUS to superuser;
Grant succeeded.
SQL> grant select on MIKE.DEPT to superuser;
Grant succeeded.
<snip>
SQL> grant select on SCOTT.TEST_B to superuser;
Grant succeeded.
SQL> grant select on SCOTT.TEST_D to superuser;
Grant succeeded.
SQL>
Does it work?它有效吗?
SQL> connect superuser/superman
ERROR:
ORA-01045: user SUPERUSER lacks CREATE SESSION privilege; logon denied
Warning: You are no longer connected to ORACLE.
SQL>
Aha!啊哈! Not just yet!
不仅如此! Revoking
DBA
revoked a large set of privileges, so superuser
now exists as user, but can't do anything.撤销
DBA
撤销了大量权限,因此superuser
现在作为用户存在,但不能做任何事情。 So, let's let it connect to the database:所以,让我们让它连接到数据库:
SQL> connect sys as sysdba
Enter password:
Connected.
SQL> grant create session to superuser;
Grant succeeded.
SQL> connect superuser/superman
Connected.
SQL> select * From scott.dept;
DEPTNO DNAME LOC
---------- -------------- -------------
10 ACCOUNTING NEW YORK
20 RESEARCH DALLAS
30 SALES CHICAGO
40 OPERATIONS BOSTON
SQL> select * From mike.abc;
KEY ID SEQ THINGS DESCR
---------- ---------- ---------- ---------- ----------
1 1 0 Food Chicken
2 1 1 Cars BMW
3 1 2 Sport Soccer
4 2 0 Food Mutton
5 2 1 Cars Ford
6 2 2 Sport Tennis
6 rows selected.
SQL>
Right;对; much better.
好多了。 That's what I meant by saying "grant only required set of privileges";
这就是我所说的“仅授予所需的一组特权”的意思; don't grant more privileges than someone really needs.
不要授予比某人真正需要的更多的权限。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.